[VC-34401] Add Prometheus metrics endpoint #271
Setting

Generated by

Naming the port is not strictly necessary, but adding it allows the PodMonitor (if enabled) to use the named port "http-metrics" rather than the port number.

Should I add

I don't think that is necessary, we already have the

The latest thinking is that we only need to provide a PodMonitor, not a ServiceMonitor.
The template is copied and adapted from cert-manager:

IIRC with a ServiceMonitor PrometheusOperator uses the Endpoints object created by the Service to discover the targets. I agree that PodMonitor is less effort as we don't have to create an extra Service
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
{{- if and .Values.metrics.enabled .Values.metrics.podmonitor.enabled }} | ||
apiVersion: monitoring.coreos.com/v1 | ||
kind: PodMonitor | ||
metadata: | ||
name: {{ include "cert-manager-csi-driver.name" . }} | ||
{{- if .Values.metrics.podmonitor.namespace }} | ||
namespace: {{ .Values.metrics.podmonitor.namespace }} | ||
{{- else }} | ||
namespace: {{ .Release.Namespace | quote }} | ||
{{- end }} | ||
labels: | ||
{{- include "cert-manager-csi-driver.labels" . | nindent 4 }} | ||
prometheus: {{ .Values.metrics.podmonitor.prometheusInstance }} | ||
{{- with .Values.metrics.podmonitor.labels }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- with .Values.metrics.podmonitor.annotations }} | ||
annotations: | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
spec: | ||
jobLabel: {{ include "cert-manager-csi-driver.name" . }} | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: {{ include "cert-manager-csi-driver.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- if .Values.metrics.podmonitor.namespace }} | ||
namespaceSelector: | ||
matchNames: | ||
- {{ .Release.Namespace | quote }} | ||
{{- end }} | ||
podMetricsEndpoints: | ||
- port: http-metrics | ||
path: /metrics | ||
interval: {{ .Values.metrics.podmonitor.interval }} | ||
scrapeTimeout: {{ .Values.metrics.podmonitor.scrapeTimeout }} | ||
honorLabels: {{ .Values.metrics.podmonitor.honorLabels }} | ||
{{- with .Values.metrics.podmonitor.endpointAdditionalProperties }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- end }} |
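Review bot: the `prometheus:` label and the `interval`, `scrapeTimeout` and `honorLabels` endpoint fields are rendered unconditionally from `.Values.metrics.podmonitor.*`, so a values file that leaves any of them unset produces an empty (null) value in the PodMonitor. Consider guarding each with a `{{- with ... }}` block, as is already done for `labels` and `annotations`, or supplying a `default`. Separately, the explicit `namespace: {{ .Values.metrics.podmonitor.namespace }}` branch is unquoted while the `.Release.Namespace` branch uses `| quote`; quoting both would keep the two paths consistent. Since `honorLabels` lets labels exposed by the scraped pod take precedence over the ones Prometheus attaches, it would also help to document the intended default for it alongside the values.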
Introduced errgroup to handle the starting and stopping of the driver and health server in separate goroutines.
I initially used the metrics server from cert-manager (990886f), but decided to switch to use the controller-runtime version, for consistency with the approver-policy project (and presumably other of our controller-runtime based controllers).
In addition to supporting a HTTPS metrics server (which we can introduce in another PR) it also supports built-in (kube-rbac-proxy style) authorization which might also be useful to users in future.
That authorization feature seems to have been sponsored by the cluster-api developers:
See:
The metrics server log message looks like this: